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I, the undersigned, being an officer duly authorised in accordance with Section 74(1) and (4) 
of the Deregulation & Contracting Out Act 1994, to sign and issue certificates on behalf of the 
Comptroller-General, hereby certify that annexed hereto is a true copy of the documents as 
originally filed in connection with the patent application identified therein. 



In accordance with the Patents (Companies Re-registration) Rules 1982, if a company named 

in this certificate and any accompanying documents has re-registered under the Companies Act cfe 

1980 with the same name as that with which it was registered immediately before re- «, ( ^ 

registration save for the substitution as, or inclusion as, the last part of the name of the words jfc - * 

"public limited company" or their equivalents in Welsh, references to the name of the company Q[ 
in this certificate and any accompanying documents shall be treated as references to the name 

with which it is so re-registered. |b|L 

CD" 

In accordance with the rules, the words "public limited company" may be replaced by p. I.e. , ("^ 

plc, P.L.C. or PLC. O 



Re-registration under the Companies Act does not constitute a new legal entity but merely 
subjects the company to certain additional company law rules. 
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Dated 2 March 2004 
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Warning 

After an application for a patent has been filed, the Comptroller of the Patent Office will consider whether publication or communication of 
the invention should be prohibited or restricted under Section 22 of the Patents Act 1977. You will be informed if it is necessary to prohibit 
or restrict your invention in this way. Furthermore, if you live in the United Kingdom, Section 23 of the Patents Act 1977 stops you from 
applying for a patent abroad without first getting written permission from the Patent Office unless an application has been filed at least 6 
weeks beforehand in the United Kingdom for a patent for the same invention and either no direction prohibiting publication or 
communication has been given, or such direction has been revoked. 
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paper and write "see continuation sheet " in the relevant partfs). Any continuation sheet should be attached to this form. 

i) If you have answered Tes ' Patents Form 7/77 will need to be filed. 
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IMPROVED SMARTCARD 

Smartcards are limited in memory size by the die size. 

£Tlu e S™ aS been a pP reciate d that attaching a second memory chip such as a 
FLASH ROM can greatly extend the storage capacity. The problem with this 
however, is that the security of the data must be as good as if it was stored internally 
to the smartcard device to be a useful. y 

^S^i" 16 ^^ a A ? ch £ me for securing the data stored in an external memory 
(XMEM) attached to the Smartcard secure microcontroller will be described below in 
detail, by way of example only, with reference to the drawings, in which: 

Figure 1 illustrates the XMEM page structure; 



This document details the low level design of the Smartcard operating system to 
Memory (XMEM) communication functions for securely communicating and storing 
data on an external Flash memory chip connected to a. smartcard. These functions 
are called by higher-level function to read and update data in XMEM The XMEM 
may be, for example, an ATMEL AT45DB321B 4Mbyte Serial Data Flash 
Communication with the XMEM is done using the AT903232CS SPI hardware and • 
one of the IO lines is used as the chip selected. However the principles would apply 
to any Smartcard micro-controller with available I/O to interconnect to a serial FLASH 
device. 

Each XMEM page contains 528 bytes. The page structure is shown in Figure 1 The 
* n £S e l ( f a9e Header ) contains a byte to indicate the page is not erased (value 
not OxFF), 5 bytes of random data, 2 bytes indicating the page number and a 1 byte 
sequence member. The Page Header is followed by 512 bytes of data. The trailing 8 
bytes contain the Page Header CBC encrypted with the 512 data bytes. The Page 
Header is not encrypted to allow the chip to derive the page keys 



Security and Reliability 

Tf ?. e ?Sy EM drivers P rov 'de implement the following features to enhance security and 
reliability. ' 

• The 512 data bytes within a page are Triple DES CBC Encrypted Any 
changes to the data will change and invalidate the MAC 

• Each page contains an 8 byte 3DES MAC. 

• Each page is cryptographically embedded with it page number to allow 
confirmation that the page read is the page requested. The page number is 
protected from modification by the page MAC. 

• The Master DES keys used to derive the page keys are unique to the chip 
and generated automatically internally the first time the chip is reset. These 
DES keys cannot be read or updated externally. 

• The DES keys to encrypt and sign a page are regenerated on each update to 
the page from the Master Key, random data, page number and page 
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sequence number. This is an additional security feature to increase the 
complexity of a known text attack to obtain the keys, as the keys and 
therefore the MAC change on each update of the page. 

• Each Page contains a one byte sequence number that is incremented on 
each update to the page. The sequence numbers are verified on a page read 
operation. The sequence numbers do not start at a 0x00 but are initialised 
with a random number; therefore the sequence number cannot be derived 
from the number of total updates to the page. The use of page sequence 
numbers increases the complexity of the attack by supplying the same page 
with previous contents. Without a sequence number this would be possible, 
as the page would have a valid MAC and valid page number. 

• All Updates to the XMEM are verified by reading the XMEM after . 
programming. 

• The HAL functions will attempt to read or update the page 3 times before 
exiting. 

• If a page is found to be erased it is initialised to a random value on reading. It 
will not be possible then to erase a page externally to force a page of known 
erased value to be read internally. 

Sequence Numbers 

The ATMEL AT45DB321B (XMEM) contains 8192 pages FLASH memory. Each 
page of the XMEM has an individual sequence number (1 byte). A copy of the 
sequence number must be stored elsewhere to compare with the page when read. 
To stop the copy of the sequence number being modified it must be protected. This 
can be achieved by storing all of the sequence numbers internally to the smartcard. 
This may not be suitable, as it requires 8192 bytes of EEPROM to be reserved for 
the sequence numbers. This problem is solved by reserving 32 pages of XMEM to 
each store 256 sequence numbers of the other 8160 pages. These pages are 
protected as normal, but their sequence numbers are stores in the smartcard 
EEPROM. 

High Level Overview 

Figure 2 below details the call sequence for the External Read and Update page 
functions which are as follows. 

ReadXMEMPage: 

Void readXMEMPage(word pageNum) 

This function will read a page from XMEM. The function will call the function 
getPageSeqNum to read the expected page sequence number to compare it with the 
page received. 

The function will call the doRead function to perform the actual reading of the pages, 
decryption and MAC verification. 

An error will be returned if the read page sequence number is incorrect. 



updateXMEMPage: 

void readXMEMPage(word pageNum) 

This function will update a page in XMEM and requires the page to be previously 
read to retrieve the existing page sequence number. 

This function will call the loadPageKeys functions to derive new keys for the page 
based on the page number, updated sequence number and random data. 

This function will perform the actual updating of the XMEM page using the SPI 
hardware to send the program command and data to the XMEM chip. 
This function will call the doRead function to verify the updated data programmed 
correctly in the XMEM. 

doRead: (internal Function) 

void doRead(word pageNum, byte mode) 

This function will read a page from XMEM or verify a page in XMEM. It has two 
modes: 

1. It will read the page, decrypt the data, calling the loadPageKeys to derive the 
page keys and check the MAC and page numbers are correct 

2. It will read the page to verify the encrypted data sent to update the XMEM page 
was programmed correctly. 

loadPageKeys: 

void loadPageKeys(byte mode, word pageNum) 

This function will load the Keys to encrypt/decrypt a page and generates the key 
diversification string if updating a page using random data, the page number and the 
incremented page sequence number or when reading it uses the first XMEM page as 
the diversification string. The diversifications string is encrypted with the chip unique 
Master XMEM keys to give chip, page and sequence unique keys. The Keys are 
loaded into the DES hardware. 

getPageSeqNum: 

byte readXMEMPage(word pageNum) 

This function will return the page sequence number for the page. This function may 
have is called by the readXMEMPage function to return the page sequence number. 
It will make a recursive call to the readXMEMPage function to read the XMEM page 
that contains the original page sequence number requested. 



3 



Figure 1 



Page 
Header 


Page 
Erase 
Indicator 1 
byte 


Random String 
5 bytes 


Page 
Number 
2 bytes 


Seq 

Num 

1 

byte 


Page Data 


512 bytes of data (CBC Encrypted. 






Page MAC 


8 byte MAC (calculated over previous 620 b y U») 



read Page 
Returns the Data 
page 



Request XMEM 
page with Seq 
numbers 



getPageSeqNum 



Read the Page 
with the Seq 
numbers 



readPage 



Get the sequence 
number of the XMEM 
page containing the 
sequence numbers 



getPageSeqNum 



Actually do the reading of 
the XMEM page that 
contains the seq numbers 



doRead(READ) 



loadPageKeys(DEC) 



[Re 



doRead(READ) 



Read the data 
page 



Get the Existing Key 
of the XMEM seq page ' 



loadPageKeys(DEC) 



Get the Existing Keys 
of the Data page 




badPageKeys(ENC) 




> 

< 


getPageSeqNum 



doRead(VERIFY) 



Figure 2 



5 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 

BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of the original 
documents submitted by the applicant. 

Defects in the images include but are not limited to the items checked: 

□.BLACK BORDERS 

£i IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 
FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



